Home HTTP Headers Checker
DNS lookup
readyInspect HTTP response headers for any public URL. Captures content-type, server, security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy), cache directives, and cookies.
How it works
This tool fetches the URL via the public api.allorigins.win CORS proxy, which performs a server-side HTTP request and returns the response headers as JSON. The proxy is operated by allorigins.win - we do not log or store the URLs you enter.
FAQ
Why route through a proxy?
Browsers block cross-origin reads of response headers by default (CORS). The api.allorigins.win proxy fetches server-side and returns the headers in a JSON envelope.
What headers are typically interesting?
Security: strict-transport-security (HSTS), content-security-policy (CSP), x-frame-options, referrer-policy, permissions-policy. Caching: cache-control, etag, last-modified. Server identity: server, x-powered-by. Content: content-type, content-encoding.
Why does the proxy fail on some sites?
The proxy obeys robots.txt and rate limits; some sites block known proxies or require user-agent spoofing. For paid or authenticated endpoints, use curl locally instead.
Does this work for HTTP/2 or HTTP/3?
The proxy negotiates the best HTTP version with the target server; results show the headers returned regardless of protocol version.
Does this save my inputs?
Last URL persists in localStorage. The URL is sent to api.allorigins.win for the proxy fetch; nothing is logged on JustKit.